Enter the Gungeon (and also Wizard of Legend) connects to the internet every time the game is launched. The game does not have any online elements, so this is essentially a form of spyware where the game is monitoring and reporting on your playing habits.

The game hard crashes before reaching the main menu if you block this internet access attempt with a firewall. The only way to prevent this access/reporting/spying attempt by the game is to physically disconnect your internet before launching the game. The game will see that your system has no internet, and will not attempt to send any outgoing packets.

Why is this game bundled with user hostile elements like spying on player's play habits without any way to opt-out or block this short of physically pulling your ethernet cable? This shouldn't be acceptable on a DRM-free platform like GOG, and this sort of built-in spyware is every bit as bad as DRM.

edit: manually adding rules to Windows Firewall to block Incoming and Outgoing traffic for Enter the Gungeon while leaving my third party-firewall set to allow traffic may be a workaround. I presume the traffic is actually getting blocked and not being bypassed somehow as I tested this with a few other programs where having the program set to all traffic enabled in my aggressive third-party firewall (that auto-blocks and alerts on new connections to enable traffic to the program) but blocking the program in Windows with manually entered rules to stop all traffic in the firewall prevents lets the game start just fine. I assume this method works to stop network transmission and it's not somehow getting around the Windows Firewall as I tested this method with a few other programs such as web browsers and having Windows Firewall block the program but enable traffic in my third-party firewall successfully prevents the program from connecting to the internet.

It's worth noting that I have several other offline game that attempt to send data across the internet when started up, and none of them crash the game when the internet access attempt is blocked by my aggressive third-party firewall.

Regardless of this workaround it is not acceptable to bundle games with spying elements, let alone DRM-free ones. Windows Firewall in Win 7 does not pop up an alert that Enter the Gungeon is sending outgoing packets, and if I did not have a better third-party firewall installed I would never have known I was being spied upon when launching the game.

This is really bad. Has this been fixed?

I do really hate when single player games attempt to phone-home.

However, I have blocked this game from accessing the internet using a third-party firewall as well and have not had any crashing under Windows 7 x64.

I have had no issues in the past (with a very old version of ETG from years ago), and I just tested the recent v2.1.2 (x64) and v2.1.3 (x64) builds and (aside from the GOG browser download frequently failing at 100% for this game) did not have any problems or crashing.

Perhaps check the Windows Event Viewer to see if there is any additional information that could narrow down your issue?

My copy only connects to the gunternet...

So what looks like is happening is this is Unity Engine profiling the system, probably for the developers to see what kinds of OS's are running their software, how often, and for how long. This is pretty similar to Youtube's viewing metrics for content creators. I understand why creators would want that information but I also understand why users don't want to feel tracked so I took a very quick look at this and came up with something that looks to be a solution. Please, keep in mind I play EtG on Switch and won't be able to test this "fix" very extensively, I just saw an interesting problem and wanted to see if I could quickly solve it. If this is considered "piracy" or is otherwise against any rules I will delete the post.

32-bit version:

1.) Rename or Delete "<INSTALL_DIR>\EtG_Data\Managed\Unity.Analytics.DataPrivacy.dll"

Explanation: This gets rid of the "data-optout-service" request which contains a user hash and device hash. In very VERY brief testing (read, I launched the game past the menu to "The Breach") this did not seem to have an adverse effect. I'm unsure if this would be re-downloaded in the future but in my brief testing I did not see any verification this file exists.

2.) Open "<INSTALL_DIR>\UnityPlayer.dll" in hex editor like 010 Editor, HxD, etc. This is the main program.

3.) In the hex editor, the offsets we're concerned with are at 0xE922B0, 0xE922DC, and 0xE92304. At these addresses are the URL's the collected information is sent to.

3a.) In the ASCII pane of your hex editor, OVERWRITE ("overwriting" instead of "inserting" is VERY important as changing the size of the file in any way will break the program) the URL's following the "https://" with "localhost".

3b.) In the HEXADECIMAL pane of your hex editor, OVERWRITE the remaining portion of the URL with "00" UNTIL YOU REACH THE PREVIOUSLY EXISTING "00".

The result of these modifications should be 3 occurrences of "https://localhost" followed by hexadecimal "00" until the next occurrence of any character that is not a "00". It's difficult to explain so see the attached image for the completed modification. Modifications are in orange.

Explanation: This change allows the local functions related to the normal collection of data to function but when Unity tries to send the data to its profiling service, the information will instead be sent to your own computer, "localhost". Because your computer is not setup to handle this information it will be ignored. In my brief testing it does not look like any information is expected to be returned by this URL and a lack of response from your computer should not impact the application running properly.

4.) Save the changes to UnityPlayer.dll, close the hex editor, and play your game as usual. There should be no more attempts to send info out to the internet.

Thank you so much for the solution writeup!
Out of curiousity, what was the original URL that gets changed to "localhost"?

I ask because until now, I had been using hosts entries to block Unity (and other gaming-related) telemetry. Specifically this list by EXCONN, which includes the following entries:
stats.unity3d.com
api.uca.cloud.unity3d.com
config.uca.cloud.unity3d.com
perf-events.cloud.unity3d.com
public.cloud.unity3d.com
cdp.cloud.unity3d.com
data-optout-service.uca.cloud.unity3d.com

... so if there's a new URL, I'd love to add it to my, er, collection. :P

Thank you! Looks like it's just regular Unity telemetry bullshit then. :/

I'd suggest to anyone bothered by Unity (and other!) games phoning home, consider EXCONN's block list and/or this one by Penguin Domination.

Using the hosts file, that is the name of the file you have added the URLs to, is not a sure way to block internet access off a binary on your system. It may work in benign/straightforward cases where the software takes no other routes to phone home, and where the binary (which usually calls a certain function in a certain library etc. to then get the IP address) uses your system's resolver and not it's own or where it doesn't use a resolver at all but simply a fixed IP address. In those and quite a few other cases (e.g. creating and subsequently using a new virtual network interface) blacklisting addresses in your hosts file does nothing to stop web access of the software. Again: it may work under certain circumstances, but it's patchwork by controlling one access route to the internet only.

If you don't trust a programme or want to block off internet access entirely, I'd suggest using a sandbox or a virtual machine to achieve that. I have heard of a tool named Sandboxie for MS Windows, but I have no idea what exactly it does or whether it's free software or not.

On Linux the solution is simple yet effective, you'd run the the programme in a security sandbox and prevent internet access.
firejail --net=none --seccomp --caps.drop=all path/to/file.
done.

(note: seccomp and caps.drop are firejail options by which you call certain Linux kernel features that further prevent system access, it's sensible to use them with any untrusted software like games. There are more options, but those would exceed the topic "internet access".)

Sadly, you're right. But hosts is still better than nothing - especially when you're stuck using Windows, and for the cases where you can't stop a program (or the OS itself!) from phoning home.

Another non-hosts workaround for Windows is manually adding the exe to your firewall program, blocking outbound traffic (and inbound, if you're really paranoid). This won't stop the OS from phoning home, but at least solves the issue with telemetry for games that need no online connectivity.